Cryptology ePrint Archive: Report 2010/593

Differential Attack on Five Rounds of the SC2000 Block Cipher

Jiqiang Lu

Abstract: The SC2000 block cipher has a 128-bit block size and a user key of 128, 192 or 256 bits, which employs a total of 6.5 rounds if a 128-bit user key is used. It is a CRYPTREC recommended e-government cipher. In this
paper we describe two 4.75-round differential characteristics with
probability $2^{-126}$ of SC2000 and seventy-six 4.75-round differential characteristics with probability $2^{-127}$. Finally,
we present a differential cryptanalysis attack on a 5-round reduced
version of SC2000 when used with a 128-bit key; the attack requires
$2^{125.68}$ chosen plaintexts and has a time complexity of $2^{125.75}$ 5-round SC2000 encryptions. It suggests for the first time that the safety margin of SC2000 with a 128-bit key decreases below one and a half rounds.

Note: In this enhanced version, we address how to recover the user key from a few subkey bits of SC2000, give more non-trivial 4.75-round differential characteristics, and present a more efficient attack.